
My high school track coach had a speech he gave at least once a year about "protecting the family jewels." I was clueless; I thought he was talking about my watch and class ring. Many Solaris system managers are equally clueless about how to protect the "family jewels" of their systems, namely the filesystems and files. One of the principles of computer security is "Know your systems." One way to accomplish Solaris filesystem security is by auditing the filesystems. There are several tools available to accomplish this.

ASET

ASET is Sun Microsystems' Automated System Enhancement Tool. Odds are you already have ASET installed on your Solaris system. ASET is part of the Sun package SUNWast. Check for SUNWast with the following command:

pkginfo | grep SUNWast

ASET is a set of administrative utilities that can improve system security by allowing system administrators to check the settings of system files, including both their attributes (permissions, ownership, etc.) and their contents. There are three security levels associated with ASET: low, medium and high. At the low level, ASET makes no modifications but checks for and reports any potential security weaknesses. At the medium level, ASET modifies some of the settings of system files and parameters to restrict system access in order to reduce the risk from security attacks; it reports both the security weaknesses found and the modifications performed to restrict access. At the high level, further restrictions are placed on system access, creating a very hardened system. More information can be found in the ASET man page and the administrator manual.

AIDE

AIDE (Advanced Intrusion Detection Environment) is an open source system integrity checker, i.e., a utility that compares the properties of designated files and directories against information stored in a previously generated database. Any changes to these files are flagged and logged, including files that were added or deleted, with optional email reporting. Additionally, support files (databases, reports, etc.) are cryptographically signed. AIDE is available for download at http://www.cs.tut.fi/~rammer/aide.html.

Fix-modes

Fix-modes is a set of scripts written by Casper Dik that try to make the filesystem modes more secure. It does this by removing group and world write permissions from all files, devices, and directories listed in /var/sadm/install/contents. Fix-modes creates an audit trail, and its changes can be undone. Fix-modes is available at http://www.sun.com/blueprints/tools/FixModes_license.html.

Find

One of the best tools for auditing a filesystem is good old find. For instance, to find all the files in /usr that are setuid or setgid, respectively, use these commands:

find /usr -perm -u+s -print
find /usr -perm -g+s -print

There should be no files in /etc that have group and/or other write permissions set. To find those files use
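To show the whole find-based audit working end to end, here is an added example script; it is not part of the original article. It wraps the two checks discussed above (setuid/setgid files, and group- or world-writable files) in shell functions and exercises them against a small constructed directory tree with deliberately set modes. Octal modes are used instead of the symbolic `-u+s` form so the same script runs on Solaris /usr/bin/find and GNU find alike; the temporary-directory location and the sample file names are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original article): audit a directory tree with
# find for setuid/setgid files and for group- or world-writable entries.
# Octal modes keep this portable across Solaris find and GNU find.

# List setuid (04000) and setgid (02000) regular files under the given tree.
# Equivalent to the article's "find DIR -perm -u+s" / "-perm -g+s" pair.
audit_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | LC_ALL=C sort
}

# List every file or directory under the given tree that is writable by
# group (020) or by others (002); on a real system run this against /etc.
audit_writable() {
    find "$1" \( -perm -020 -o -perm -002 \) -print | LC_ALL=C sort
}

# Build a constructed sample tree so the audit functions can be tried offline.
# Assumption: a writable TMPDIR (defaults to /tmp). Prints the tree's path.
make_sample_tree() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/fsaudit.XXXXXX") || return 1
    mkdir "$dir/bin" "$dir/etc"
    : > "$dir/bin/su_like"      # stands in for a setuid binary
    : > "$dir/bin/sg_like"      # stands in for a setgid binary
    : > "$dir/bin/plain"        # ordinary 0755 executable
    : > "$dir/etc/passwd_like"  # correctly restricted 0644 config file
    : > "$dir/etc/sloppy"       # group/world writable: what the audit must flag
    chmod 4755 "$dir/bin/su_like"
    chmod 2755 "$dir/bin/sg_like"
    chmod 0755 "$dir/bin/plain" "$dir/bin" "$dir/etc" "$dir"
    chmod 0644 "$dir/etc/passwd_like"
    chmod 0666 "$dir/etc/sloppy"
    printf '%s\n' "$dir"
}

# Demonstration run: build the tree, report both audits, then clean up.
demo() {
    tree=$(make_sample_tree) || return 1
    echo "setuid/setgid files under $tree:"
    audit_setid "$tree"
    echo "group/world-writable entries under $tree:"
    audit_writable "$tree"
    rm -rf "$tree"
}

demo
```

On a live Solaris host the same functions would be called as `audit_setid /usr` and `audit_writable /etc`; the expected result for /etc is an empty list, and anything reported should be compared against the package database (the /var/sadm/install/contents file that fix-modes also consults) before it is treated as a finding.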
